HIPAA Compliance Services

How Can We Help With HIPAA Compliance?
The HIPAA Privacy, Security, and Breach Notification Rules require a number of policies and procedures to be established, and actions to be taken for compliance.

The HIPAA Privacy Rule is undergoing significant changes with new patient rights and new restrictions on uses and disclosures of PHI going into effect. Proviatek can:

Review your HIPAA Privacy policies to ensure they include the required topics and reflect the new regulations, and

Provide the training necessary to get your staff up to speed on your HIPAA policies, new and old

The HIPAA Security Rule isn’t changing much, but it’s being enforced more fully and you need to be sure you have the risk analysis, policies, and procedures necessary to protect PHI. We can:

Perform a HIPAA Security Risk Analysis to identify the areas you need to focus on for reducing your security risks
Review your HIPAA Security policies to make sure they meet the extensive requirements of the rules, and provide new policy language where needed
Provide the training you need to make sure policies are actually implemented and followed
Provide technical security specialists to review the technical security of systems and networks and recommend and implement improvements
Establish the documentation necessary to show compliance, and documentation systems needed to stay in compliance

The HIPAA Breach Notification Rule requires that you have an incident handling process that will help you determine whether an incident is a breach or not, and what to do if it is. Proviatek can:

Review your policies and procedures to ensure you have what you need in the event of a potential breach

Provide the policies and processes to help prevent breaches, prepare for the eventuality of breaches, and provide a guide for what to do when a breach actually occurs

Business Associates have new obligations under the HIPAA regulations that will require changes to the Business Associate Agreements you have in place as well as new ones going forward. Proviatek can help you:

Prioritize your BA agreements for review and updating

Provide language to amend current agreements and create a new template

New audit and enforcement activities raise the bar for compliance with HIPAA. We can help you:

Work through the compliance questions asked of other entities in prior audits
Understand the most common risks and how they can be minimized
Avoid the problems the enforcers from the US Department of Health and Human Services find most often, and the fines they’ll be happy to levy for non-compliance

To discuss your needs, please contact us for an initial discussion at no cost. We’re always happy to answer questions and help as best we can.

HIPAA Security Compliance Services
The HIPAA Security Regulations had a compliance deadline of January 1, 2012, but the agency said it will not “initiate enforcement action” on that compliance before March 31, 2012. Compliance requires a complete inventory and analysis of all applications and information flows, as well as a complete health information Risk Analysis. In addition, all security compliance activities, policies, and procedures must be thoroughly documented.

Compliance with the Security Rule is not “just an IT department thing.” About half the requirements are administrative, and compliance involves everyone in your organization. HIPAA Security is all about having an information security process. Compliance requires a top-to-toe evaluation of your organization’s systems and security practices and its existing policies and procedures.

Proviatek HIPAA Security Compliance Services can provide the experienced assistance you need to meet all the requirements of the Security Rule.

What Is Required for HIPAA Security Compliance?
The HIPAA Security Regulations require a number of actions to be taken, policies and procedures to be established, and technologies to be implemented. There are at least 50 high-level HIPAA Security Regulation details to be considered and acted upon to achieve compliance, and many of those details have multiple components.

The requirements of the Security Regulations are flexible, which allows covered entities to consider a wide variety of factors in defining what is “reasonable and appropriate.” But entities must also perform Risk Analysis and fully justify and document each action taken to satisfy the regulations. The preparations that must be undertaken to attain compliance are substantial.

For instance, CFR §164.308(a)(7), a single regulation section concerning Contingency Planning, requires that a covered entity:

Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.

This standard includes a number of implementation requirements that must be addressed for each system in order to meet the standard, including:

Overall, there are literally hundreds of details to be addressed, each requiring an understanding of the risks to information security as well as thorough justification and documentation of compliance actions taken.

HIPAA Privacy Compliance
Everyone in health care remembers when the HIPAA Privacy Rule compliance deadline came along, in April of 2003. There were new policies and procedures, lots of training, and lots of paper forms and notices generated. After a while, things became routine and compliance with the HIPAA Privacy Rule became more assumed than assured.

Do you and your staff know what the process is for a patient to ask for a modification to their medical record? It may happen rarely in your facility, but you need to be ready and know what policy controls amendments.
Have you implemented reasonable and appropriate information security safeguards and processes?
Are you prepared to provide a complete accounting of disclosures to the individual who requests one? When did you last review your disclosure logging process and ensure you are recording the necessary information?

These are only a few of the many questions you need to ask to determine if you are in compliance with the HIPAA Privacy Rule. Enforcement of HIPAA has now begun, so now is the time to review your compliance.

Has your organization reviewed its policies and procedures, assessed its compliance with the regulations, and provided renewed training to ensure compliance by your workforce?

Proviatek HIPAA Privacy Review Services can provide experienced assistance in helping you meet all the requirements of the Privacy Rule.

What Does a HIPAA Privacy Review Involve?
A HIPAA Privacy Review includes three tasks: evaluation, inspection, and improvement.

Task One: Evaluate the existing health information privacy policies and procedures to see if they 1) match the operations of the organization and 2) meet HIPAA requirements.

Task Two: Interview workforce members and tour/inspect the facilities to find out the level of understanding and appreciation of the HIPAA Privacy requirements and the organization’s supporting policies.

Task Three: Create and implement an improvement plan for HIPAA Privacy Rule compliance that consists of policy development and training to correct the deficiencies identified in tasks one and two.

And, of course, each of these tasks must be fully documented in order to show compliance with the HIPAA Privacy Rule.

How Can Proviatek Help?
We’re always happy to speak with you to answer your questions. We can suggest how to deal with a specific HIPAA issue or how to plan your compliance activities overall.

Proviatek has the experience to assist you in all of the critical tasks involved with a HIPAA Privacy Rule compliance review. We can provide a complete review or perform individual tasks, as desired. Our work can be tailored to meet your needs and your budget. Contact us today for more information or a free preliminary quotation for services.